New DARPA Program Targets Bootleg Components

The electronics industry has adopted a wealth of practices to foil or at least identify counterfeit components, from marking to x-raying. Now the Pentagon's Defense Advanced Research Projects Agency (DARPA) is calling upon engineers to solve the problem.

DARPA has published a call for proposals to develop a nearly microscopic component that could be attached to system components to help identify and combat counterfeit and suspect electronic parts.

Counterfeiter components are pervasive in the defense supply chain. Counterfeiters target both high-ticket chips and components that cost pennies. Worse, system failures associated with fake parts can lead to loss of life and failure of military missions.

In 2009 and 2010, more than 1,800 cases involving more than 1 million suspect parts were linked with known supply chain compromises, according to a May 2012 Senate Armed Services Committee report. "China is the dominant source country," the report said; more than 70% of the suspect parts the committee tracked through the supply chain were traced back to that country.

The new DARPA Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program is calling upon engineers to develop a tool that will verify protected electronic components without disrupting or harming the system. DARPA program manager Kerry Bernstein said in a press release:

SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do. The dielet will be designed to be robust in operation, yet fragile in the face of tampering. What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain.

DARPA said the proposed system would need to overcome and address with 100% assurance a comprehensive list of realities that inhibit the performance of electronic components, including:

Clones and copies, which may be of low quality, or may include hidden functionality

Components that are covertly repackaged for unauthorized applications

The program calls for the development of a dielet, a small (100 x 100 microns) component that "authenticates the provenance of electronics components." The proposed component would incorporate a full encryption engine, as well as tampering sensors.

Artist's concept of SHIELD technology.(Source: DARPA)

The resulting component would be affixed to the components being protected and would be scanned for information. It would not maintain an electrical connection with the host component. The dielets could be scanned individually or in batches. The information would be stored and shared in a centralized server, which would send a challenge to the device to confirm that no tampering has occurred.

It's interesting to note that this approach is working to solve some of the same problems that are being addressed by the DNA-based marking offered by Applied DNA. DNA marking is also being officially championed by the DoD and has the benefits of being useful for all types of products from books and uniforms to the systems in a fighter jet. On the downside, there are a limited number of scans supported and the marking has to be done at manufacture of the chip. i'm wondering what concerns readers have about this new idea? Would you prefer it over a plant-based DNA approach?

Hailey: Are the issues around fake components exclusive to the military or are there other parts of government that have the same problem with their supply chains? Or do we hear more about the DoD because of its budget and the massive amount of money it spends on procurements?

@sferguson, counterfeit components are a problem throughout the entire electronics supply chain. Defense applications have some key attributes: first, defense programs last for years and so these procurement organizations are more often faced with components that have been end of lifed (EOL) and so they must go to alternate sources. This often leads them to independant distributors--and a higher likliehood of counterfeit components. At the same time, budgets are probably not as tight as in a consumer electronics applications which means there may be room in the budget for the necessary testing. Testing is incredibly expensive (it can double or triple the cost of the component or even more). Finally, DoD apps are life critical. A failure can cost lives in a real way. The same is true for medical applications, but of course, no one is going to die if their smart phone bites the dust (unless in a VERY unusual circumstance.)

@HaileyMcK: It's interesting that you mention the healthcare part because as we move deeper and deeper into the Internet of Things, more and more of our medical devices, whether it's the smartphone to doctor uses or wearable that the patient has on to monitor vitals, are hooked into the Internet and require the components to make that happen. So what happens when counterfeit chips or components end up in a pace maker, or another piece of vital equipment? It's worth thinking about.

@sferguson10001, everything you say is true. Currently, there are no agreed upon standards for electronic devices in the medical industry. the International Electronics Manufacturing Initiative (iNEMI) is working toward it now. The group says:

The primary purpose of the project will be to develop a method for developing a test and screen matrix for electronic components that can be used to qualify the reliability performance of components for implantable and wearable electronic medical devices.

This is an incredibly important first step. It's going to be a big job, but it's got to happen. Lives depend upon it.

@Hailey, Given a 5-10 year timeframe for development and implimentation of the various components of this proposed technology the answer is simple. Do what we can NOW (DNA marking and use authorized suppliers when available), if and when something "better" comes along consider it. Time is of the essence and we shouldn't wait for the Holy Grail.

This will be cloned almost immediately. Count on it. So the system must be able to identify cloned chips. I assume that each will have a registered ID, so when a cloned chip is scanned, the server will show that component in two locations. How does the server verify that it has not moved from one location to the other? Will the server assume the second one is the fake? The only way I can see this working is to have all shipping tracked from manufacturer to end user. Can't that be done without the chip? Where does the system break down now? Through unscrouplous distributors? Maybe we need a certified distributor process where once a distributor is found to have sold an unauthorized part they loose thier certification and will require years of concerted effort to get it back.

You can deal with the cloning issue using a PUF (physically unclonable function). Digital sensor are available and the RFID technology is also available. The main challenge I see in developing a solution over the next 12-15 months is the size restriction and the one cent target. The proposal will be to deploy the technology in stages with differrent size and price targets. This not only a military issue. I think we will see this type of functionality on just about every IC within 10 years.